NGO Security

Tuesday, February 28, 2006

Flash Drives and TrueCrypt

More and more people in the humanitarian world, including security practitioners, are coming to rely on Flash Drives. Also known as Thumb Drives, Pen Drives, USB Drives or Flash Memory Drives, these small devices store from 128 Megabytes to several Gigabytes of data. The drives plug into a computer’s USB port and allow you to transfer or work on files wherever there is a computer.

If you use a flash drive, or are considering using one, a big question to ask yourself is what would happen if the drive was lost or stolen? Are there sensitive files or information that if ended up in the wrong hands could bring harm or loss to your organization, its staff or the people that you serve?

If you routinely carry sensitive data on your flash drive (or a laptop), consider keeping it encrypted. Encryption means scrambling the data so an unauthorized person can't access it. The data is protected with a password that only you know.

One of the better free encryption solutions for Windows and Linux computers is a program called TrueCrypt. TrueCrypt creates password-protected volumes (think of a volume like a folder). Any files that are copied or written to the volume are automatically encrypted. This is called "on-the-fly" encryption and is a fast and convenient way to keep sensitive files secure.

TrueCrypt is easy to install and set up, but to assist you more, here are twotutorials with step-by-step instructions for securing flash drives.

(PS – If you wear a flash drive around your neck, be sure it's on a cord or chain that will easily break away if someone grabs it or if it snags on something. This reduces the chances of you purposely or accidentally being choked. Safety first!)

Since the US invasion of Iraq, PMCs have become quite popular in providing security services for diplomatic missions, reconstruction efforts, private businesses, and some NGO activities. Companies such as Blackwater, Triple Canopy and Aegis (among others) have received lucrative contracts in providing private security services. There has also been a considerable amount of controversy over PMCs, with allegations of fraud and documented incidents where contractors have acted criminally against civilians with little accountability.

PMCs tend to employ contractors with past military or law enforcement experience. Contractors dress in civilian clothing (very similar to what a typical aid worker may be wearing, with the exception of body armor and prominently displayed weapons). Some PMCs and their staff have excellent reputations and do a very good job under difficult circumstances. Others have poor reputations and their presence may actually increase versus decrease risk.

The decision to use a PMC is going to be made at your organization's higher levels, so as a field security officer, you may not have much say in initial discussions. However you do have a say in whether you think the actions of PMC contractors may be compromising the safety and security of staff and programs. As a security officer you'll likely end up acting as a liaison with assigned PMC management and personnel. Take the time to understand their roles and responsibilities and spend time educating them about your programs and needs. The goal is to try to find a balance between sufficient security and effective programming.

Remember that a PMC is like any vendor and is simply supplying a service to your NGO. If the situation warrants, it may be necessary to suggest using another vendor. If that's the case, be sure to extensively document the reasons why before discussing with your organization's management.

Incident: Attempted Suicide Bombing, Afghanistan

In this case an NGO wasn't targeted, but was being used as part of a deception. A report out of Afghanistan states a would-be suicide bomber used NGO credentials in an attempt to get close to his potential target; a provincial government. No confirmed details on whether identification documents were forged or if the unsuccessful bomber had actually infiltrated an NGO. In either case, a definite cause for concern. How good are your office's background checks on new staff members? Do you have a contingency plan in place if a staff member, or someone posing as a staff member, commits a highly publicized crime? What would the impact be to your programs and operations?

Friday, February 24, 2006

Increased pressure on NGOs in Chechnya?

Local NGOs believe the ban on Danish Refugee Council activities in Chechnya is a possible sign of things to come for other NGOs. Lots of security implications if the government starts exerting pressure in Chechnya and Ingushetia, including how to maintain a level of transparency so as not to give officials a reason to suspend operations while keeping staff and programs safe and running under increased government scrutiny and potential harassment.

Mountain Guides for Assessments

Interesting article about WFP using experienced mountain guides for assessments in remote areas of Pakistan and Kashmir impacted by the recent earthquakes. This makes abundant sense in using trained, properly equipped and physically fit personnel for assessments in hazardous areas. Risk is definitely decreased in comparison to using normal UN or NGO staff for this type of mission.

RedR Trainer Resources

Felix writes in to recommend a Web page with a collection of papers on a variety of NGO security topics. Primarily designed as resources for RedR trainers, but applicable to anyone interested in security.

Saturday, February 18, 2006

From Rwanda to Darfur: Lessons Learned?

AC writes in with a pointer to an editorial by Gerald Caplan on what lessons the international community learned from the genocide in Rwanda in relation to the current situation in Darfur. This is a good read. Context is always stated to be incredibly important in dealing with security matters, but all too often the context of larger, geopolitical issues can be overlooked. Understanding "how the game is being played" at all levels allows us to refine and enhance our security and safety guidance as well as identify potential threats and risks that might not be readily apparent.

Friday, February 17, 2006

Incident: Police Interview, Uganda

An interesting account of the director of the Danish NGO MS Uganda being questioned by police in Kampala about importing civic education posters that were thought to portray the military in a poor light.

Does your office have policies and procedures in place for dealing with police interviews or detentions? Have staff been trained on what to do in situations like this and understand the type of support they'll receive (both legal and moral) from your organization?

Incident: Travel Restrictions/Office Closures, Pakistan

The International Organization for Migration (IOM) announced temporary staff travel restrictions and office closures in Pakistan in the wake of violence associated with controversial Danish cartoons. The measures are precautionary as there have been no reported attacks on IOM staff or facilities.

Thursday, February 16, 2006

Incident: Asphyxiation deaths, Afghanistan

Word (thanks AC) of the possible deaths of two Italian humanitarian workers in Kabul, Afghanistan due to a malfunctioning heater. (17-2-06 0200 GMT Update) This has now been confirmed by the Italian media, but there is speculation as whether a heater was to blame or if the cause of death was poisoning. An investigation is ongoing and we'll update this post as new information becomes available. Condolences to the International Development Law Organisation (IDLO) and the friends and families of Iendi Iannelli and Stefano Siringo.

From a safety perspective, any fuel heater can be a risk in an enclosed space. Ensure rooms (especially sleeping quarters) have sufficient ventilation or better yet, use portable battery-powered carbon monoxide detectors with alarms.

Wednesday, February 15, 2006

Katrina - Lessons Learned

The U.S. House Select Committee investigating Hurricane Katrina released its final report today. "A Failure of Initiative" is a lengthy and detailed examination of what went right and what went wrong prior to and following Hurricane Katrina. So what does this have to do with NGOs and security? A couple of things.

1. The planning, command, logistics and communications failures associated with Katrina should be required reading for anyone involved with emergencies (especially security officers). Many of the lessons learned are directly or indirectly applicable to non-development NGO activities and operations.

2. For most NGOs that strive to be transparent, this level of public self-scrutiny, analysis and disclosure rarely happens with security or safety related incidents. After action reports and critiques are remarkable learning tools for avoiding similar events in the future. But there is little sharing of information about security incidents, especially the big ones, within the NGO community. Information about an incident is usually kept internal or perhaps shared at the InterAction council level. Quite often it never reaches the field where it is needed the most. Yes, organizational reputation (especially with donors) can be put at risk if say it was revealed an international staff member who was kidnapped did everything wrong in terms of personal security and that the office security policies and procedures were woefully inadequate. But when widely communicated, that type of information is incredibly powerful in decreasing the chances that such an incident happens again. People relate much better to real life events that demonstrate consequences.

As George Santayana said, "Those who cannot remember the past are condemned to repeat it."

Off the soapbox and back to Katrina. From being on the ground in New Orleans immediately following the storm as part of the relief efforts, I can categorically state that if NGO staff with experience in international emergency and IDP situations had been involved in managing the incident (with their advice heeded), a fair amount of the suffering could have been reduced.

Note: (2/23/06) - The White House just released their lessons learned report. Not nearly as comprehensive or self-reflective as the House version, but still useful to read.

Incident: Drownings, Somalia

An overloaded boat carrying local workers contracted to unload a ship transporting food aid from CARE International capsized off the coast of southern Somalia with three people reported drowned and numerous injuries. Reports say the fishing boat, with a normal capacity of 30 to 50 people, had 120 souls on board in an effort to speed up unloading of the larger ship.

From a risk management standpoint, how far do your duties extend as a security officer (or program manager)? Who is ultimately responsible in a case like this? The boat's captain for overloading the boat, the contractor who was responsible for the ship unloading, or the NGO staff member who was overseeing aid transport and distribution? One can hope this incident is analyzed and appropriate policies and procedures are put in place to avoid similar occurrences in the future.

Tuesday, February 14, 2006

Incident: Arrests, Sudan

Five staff members of the Sudanese NGO SUDO were arrested without charge in Western Darfur. They were later released after intervention by Amnesty International.

In many parts of the world, national NGOs receive considerably more harassment by governments than larger, international NGOs; simply because regimes can easily exert pressure with fewer consequences. Security incidents involving national NGOs are grossly underreported, and receive very little Western media attention. If you're working with a national NGO, basic security practices apply. However just remember that national NGOs typically don't enjoy the influence and status of their larger international cousins, and you'll need to adjust some policies and procedures to account for that.

Monday, February 13, 2006

Incident: Temporary office closures, Haiti

A number of NGOs temporarily closed their offices today due to election-related protests in Port-Au-Prince. Presidential frontrunner Rene Preval's lead has declined below the 50% mark and it appears a run-off election will need to take place in March. This will likely lead to more protests and violence from Preval supporters who believe the election was tampered with.

Friday, February 10, 2006

What is an NGO?

As you've probably observed, this Blog is about NGO security. But what exactly is an NGO? Coming up with a good working definition is actually a little more complicated than you might think. A good reference is Peter Willetts' "What is a Non-Governmental Organization?" that appears in the UNESCO Encyclopaedia of Life Support Systems. Even if you're in the humanitarian field and think you know what an NGO is, this paper is a good read. (Thanks to Alexandre for the tip.)

Incident: Abduction, Colombia

Two humanitarian workers associated with Doctors Without Borders were released after being held five days by an armed group in the North Santander province of Colombia near Venezuela. No details on whether negotiations were entered or the terms of their release.

Academic study of NGO security practices is crucial to us "getting it right." It's all too easy to make decisions based on anecdotal data or what are historically believed to be truths. Having researchers objectively validate or invalidate our perceptions and cast light in areas we might not have a full understanding of, will help us enhance the safety of the people we serve.

Thursday, February 09, 2006

Intentional Violence Rates Higher than Thought

It's long been thought that accidents are one of the primary causes of aid worker deaths. However a new study states that acts of deliberate violence killed more humanitarian workers in the past three years than accidents or illness. Researchers from the Center for Refugee and Disaster Response at the Johns Hopkins Bloomberg School of Public Health have been studying incidents and found that 60% of aid worker fatalities were caused by intentional violence. 71% of the incidents didn't involve theft. And 65% of the incidents happened to workers while they were coming and going from projects. (More stats are given in the link.)

It's nice to see topics relating to NGO security coming under academic scrutiny. Using statistical methods to discover trends and validate observations helps contribute to enhanced safety measures and training for field staff. While obviously context varies from one operating area to another, security officers and management should be paying close attention to these studies to better understand issues the field faces.

Negotiations with Armed Groups

Wednesday, February 08, 2006

Incident: Expulsion, Chechnya

In reaction to the continued furor over Danish cartoons depicting the Prophet Mohammad, the Chechnyan government announced it would be expelling Danish aid workers and ceasing in-country operations of the Danish Refugee Council. Despite efforts to distance itself from the controversy, the organization has experienced various forms of hostility throughout the world.

The Chechyna situation is politically complicated and may simply be an opportunity for the government to exert more control over NGOs, following the lead of Russia.

However, the volatility associated with the cartoons raises a very important point. Actions by a government or an individual, corporation or organization that is viewed to be affiliated with a government (whether it is or not), may have a significant, rapid and unforeseen impact on an NGO's operations. It's unlikely the Danish Refugee Council or individual Danish aid workers ever dreamed they'd be put at risk from a series of political cartoons published thousands of miles from where they were working almost six months prior. This situation should emphasize why having good contingency and evacuation plans in place is so very important for any NGO field office.

Incident: Evacuation, West Bank

The Temporary International Presence in Hebron (TIPH) announced it was evacuating its 71 staff from Hebron to Tel Aviv due to violence and protests (including an attack on its office) prompted by cartoons of Mohammed deemed offensive by Muslims. The mission's Danish observers had left the city last week on advise of the Danish foreign ministry.

Incident: Support reduction, DRC

MSF-Spain announced it would be reducing activities (mostly halting drug supplies) in Nyunzu Territory, in the north part of the Democratic Republic of Congo's Katanga Province. Reasons stated were local healthcare providers were misdiagnosing patients, putting them at risk. Usually NGOs will suspend or reduce operations when their own staff is at risk. This is an interesting case where the safety of the beneficiaries is driving a decision to end support. (Feb. 15) Follow-up clarification press release by MSF-Spain.

Tuesday, February 07, 2006

Incident: Staff reduction, Afghanistan

The UN announced it was withdrawing non-essential staff from the city of Maynama, due to violence and protests associated with Danish cartoons of Mohammad that have been viewed as blasphemous by many Muslims throughout the world.

Incident: Abduction, Chad

Two UNHCR staff officials were abducted from their office in Guereda by armed gunmen and were forced to drive toward Darfur. The vehicle they were riding in experienced flat tires and the abductors abandoned both the officials and the vehicle. The UN employees were recovered, uninjured.

Monday, February 06, 2006

Kidnappings in Haiti

A good Christian Science Monitor article on rampant abductions in Haiti. Kidnappings can be one of the most challenging and difficult security incidents for an NGO to deal with. Just like the U.S. government, many NGOs have a "no ransom" policy if a staff member is kidnapped. This makes sense from an operational standpoint, because once you pay a ransom, that can encourage more abductions. Aid worker = cash in the bank or leverage point for political demands.

It's worth noting that although some NGOs clearly state they won't pay ransoms, at times they'll cut backroom deals with the abductors that are never publicly disclosed. This can cause problems if done unilaterally. For example last year a national staff member of a large NGO was kidnapped in Haiti and money was exchanged as part of the release deal (although creatively done; when is a ransom not a ransom). When word got out, other NGOs working in Haiti weren't very happy because they didn't know about the pay-off and felt the one organization's actions had put their staff at greater risk.

When you make security decisions always keep in mind the old Chinese story of the kindly monk picking up a caterpillar from the middle of the road and moving it to the side so it wouldn't get squashed. Only to have a bird promptly swoop down and eat it.

Friday, February 03, 2006

Incident: Abduction, Sudan

Gunmen were reported to have abducted eight French humanitarian workers in Darfur. The French aid group Action Against Hunger (ACF) later denied Sudanese media reports that staff members had been kidnapped. It did say a security incident involving a convoy had occurred, and two of six vehicles were seized.

Not referring to this particular incident, but keep in mind that NGOs can be just as deft as governments when it comes to putting spin on security incidents. Lots of incidents are never publicly reported and for the ones that do receive attention, details are often swept under the carpet. Image, from both a public and donor perspective, is usually fiercely protected. Sometimes at the expense of future operational security.

Wednesday, February 01, 2006

Incident: Abductions, Sri Lanka

Over the past few days, 10 workers associated with the Tamils Rehabilitation Organisation (TRO), a Sri Lankan humanitarian group, have been reported abducted. TRO, which has links with the LTTE, accuses government security forces. The government denies involvement and the LTTE says the abductions are threatening the restarted peace talks.